
Basic Ubuntu Server Setup for Secure Operation

This guide will help you safely prepare your Ubuntu server. It’s perfect for beginners and explains every step clearly.


📋 Prerequisites

  • A VPS or dedicated server with Ubuntu 22.04+.
  • SSH access (login + password or root).
  • A local terminal (Terminal app, PuTTY, or equivalent).

🗂️ Table of Contents

  1. What You'll Configure
  2. Create a New User and Grant SUDO Rights
  3. Secure SSH Access
  4. Install and Configure Firewall (UFW)
  5. Enable Automatic Updates
  6. What's Next?

1. What You'll Configure

In this guide, you will:

  • Create a non-root user with sudo rights or use multipass.
  • Set up SSH key-based authentication.
  • Disable root login and password authentication.
  • Enable a firewall and automatic updates.

🧩 Diagram:

[Local PC] -- ssh --> [ Ubuntu Server ]

2. Create a New User and Grant SUDO Rights

root is the Linux superuser, but it's unsafe to work under root all the time.

Step 2.1 — Create a user

adduser <username>

Step 2.2 — Add user to sudo group

usermod -aG sudo <username>

Step 2.3 — Verify

getent group sudo

☑️ Check: The user should now be listed in the sudo group.

💡 Tip: Switch to the user:

su - <username>
sudo whoami   # should output "root"

3. Secure SSH Access

Step 3.1 — Add your SSH key

On your local machine, print your public key:

cat ~/.ssh/id_rsa.pub

On the server, create the .ssh directory and paste the public key into authorized_keys:

mkdir -p /home/<username>/.ssh
nano /home/<username>/.ssh/authorized_keys

Step 3.2 — Set permissions

chmod 700 /home/<username>/.ssh
chmod 600 /home/<username>/.ssh/authorized_keys
chown -R <username>:<username> /home/<username>/.ssh

⚠️ Important: Test key-based login from another terminal window before disabling password authentication!


Step 3.3 — Configure /etc/ssh/sshd_config

nano /etc/ssh/sshd_config

Set the following directives in the file:

PermitRootLogin no               # disable root login
PasswordAuthentication no        # disable password login
ClientAliveInterval 300          # ping client every 5 mins
ClientAliveCountMax 1            # disconnect after 1 missed ping (0 = never, OpenSSH 8.2+)
X11Forwarding no                 # disable X11 forwarding
AllowTcpForwarding no            # disable TCP forwarding

🟢 Personal tip: Always validate the config before restarting.

Step 3.4 — Validate the config

sshd -t

Step 3.5 — Restart SSH (your current session stays active)

systemctl restart ssh   # on Ubuntu the unit is ssh.service (sshd is an alias)

✅ Existing SSH sessions will not be interrupted.
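
Added example (not part of the original guide): sshd -t only checks syntax, while sshd -T prints the effective settings after files included from /etc/ssh/sshd_config.d/ are applied, and sshd keeps the first value it reads for each keyword. This script compares that output with the Step 3.3 values; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify sshd's *effective* settings against Step 3.3.

# Expected "keyword value" pairs; `sshd -T` prints keywords in lowercase.
EXPECTED='permitrootlogin no
passwordauthentication no
x11forwarding no
allowtcpforwarding no
clientaliveinterval 300'

# check_sshd_effective: read `sshd -T` style output on stdin, print one
# line per keyword that differs from EXPECTED, return 1 if any differ.
check_sshd_effective() {
    effective=$(cat)
    bad=0
    while read -r key want; do
        got=$(printf '%s\n' "$effective" |
              awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            printf 'MISMATCH %s: want=%s got=%s\n' "$key" "$want" "${got:-unset}"
            bad=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# check_live: run the check against this host's real configuration (as root).
check_live() {
    sshd -T | check_sshd_effective
}

# Constructed samples: one where a drop-in file re-enabled password
# logins, and one where every Step 3.3 value took effect.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
passwordauthentication yes
x11forwarding no
allowtcpforwarding no
clientaliveinterval 300'
SAMPLE_OK='port 22
permitrootlogin no
passwordauthentication no
x11forwarding no
allowtcpforwarding no
clientaliveinterval 300'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective || echo "fix before logging out"
```

On the server, source the script and call check_live as root; a MISMATCH line means another configuration file set that keyword before your edit was read.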


4. Install and Configure Firewall (UFW)

Step 4.1 — Install UFW

apt update
apt install ufw

Step 4.2 — Allow SSH port

ufw allow 22/tcp

Or if using a non-default port:

ufw allow 2222/tcp

Step 4.3 — Enable UFW

ufw enable
ufw status

☑️ Check: UFW should show "active" and your SSH port should be open.


5. Enable Automatic Updates

Step 5.1 — Install packages

apt install unattended-upgrades apt-listchanges

Step 5.2 — Enable auto-updates

dpkg-reconfigure --priority=low unattended-upgrades

Select Yes when prompted.

Step 5.3 — Manual test

unattended-upgrade -d

Step 5.4 — Check logs

cat /var/log/unattended-upgrades/unattended-upgrades.log

6. What's Next?

  • ☑️ Install fail2ban to block brute-force attacks.
  • ☑️ Add auditd or rsyslog for logging.
  • ☑️ Enable 2FA for SSH (e.g., google-authenticator).
  • ☑️ Make a backup of your /etc/ssh/sshd_config.

🎉 Done! Your server is now protected and ready for production 🚀


Mini-glossary:

  • root — the Linux administrator account.
  • sudo — run commands with administrator rights.
  • SSH — protocol for secure remote login.
  • Firewall — tool for controlling network traffic.
  • UFW — uncomplicated firewall tool for Ubuntu.